BART Police database hacked - names and addresses posted online

Filed Under: Data loss, Law & order, Privacy, Vulnerability

BART policeA database belonging to the BART Police Officers Association appears to have been hacked, and the names, postal and email addresses of officers posted online.

Just over 100 officers are listed in the document, in what is clearly a serious security breach.

The reason why BART is the focus for so much attention by hackers? Last week, in a highly controversial move, several BART stations in San Francisco halted their cellphone service for a few hours. It was believed that people protesting about the fatal shooting of a homeless man by BART police, might be co-ordinating their protest via mobile phone.

Of course, what's happened now is that over 100 innocent police officers have had their safety put at risk by hackers revealing their private information.

OpBART - names and addresses of police officers

Earlier this week the Anonymous were blamed for hacking the website - belonging to San Francisco's BART (Bay Area Rapid Transit) system, and there has been speculation online that hackers affiliated with Anonymous may also be responsible for this latest attack.

But it seems even "official" Anonymous mouthpieces for the movement, aren't sure as to whether it's Anonymous's work or not.

Anonymous tweets

I guess one of the problems of being a decentralised hacktivist group, with no leadership structure and no way of identifying members, is that anyone can claim to have done something under the Anonymous banner and no-one can credibly argue that it wasn't an Anonymous action.

After all, if it's truly anonymous how is anyone to know what they have done and what they haven't done?

Many Anonymous supporters may see this as an advantage. Me? I'm not so sure.

One thing is for certain - the BART Police Officers Association has been caught with its pants down. Its website is currently offline (replaced with a holding page) and it seems likely that a vulnerability on their site will have let the hackers access the police officer's database.

Clearly the information had not been properly secured. In the current climate of high profile hacks that's not excusable. Other forces would be wise to look at their own sites and make sure that they are not similarly vulnerable to attack.

, , , , ,

You might like

4 Responses to BART Police database hacked - names and addresses posted online

  1. Lamaline_5mg · 1471 days ago

    Lamaline_5mg (french 16 Y o girl) did it.
    actually, I am her.

    Nice post.

  2. Fred Wortham · 1470 days ago

    What will it take to get folks to take computer and database security seriously?!? A real tragedy?! Geeze, people... :-(

  3. Bill Johnson · 1281 days ago

    Its funny how you mention the BART police as innocent. You are overlooking the fact that these power hungry pigs KILLED a homeless man. Obviously anonymous felt like they were serving up some well deserved justice to a police force they feel deserves it. The man may have been homless, but does that mean his life is valueless?

  4. Darren Chaker · 386 days ago

    Publishing police home addresses is merely reposting a public record which already exists at the county recorders office. Thus, there is simply nothing against the law to do so. Further, Planned Parenthood lost a similar case where anit-abortion protesters posted the home addresses of doctors who perform abortions.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley